Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2019-3266-1.NASL
HistoryDec 12, 2019 - 12:00 a.m.

SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)

2019-12-1200:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

7.7 High

AI Score

Confidence

High

JSON

This update for strongswan provides the following fixes :

Security issues fixed :

CVE-2018-5388: Fixed a buffer underflow which may allow to a remote attacker with local user credentials to resource exhaustion and denial of service while reading from the socket (bsc#1094462).

CVE-2018-10811: Fixed a denial of service during the IKEv2 key derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is negotiated as PRF (bsc#1093536).

CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin which might lead to authorization bypass (bsc#1107874).

CVE-2018-17540: Fixed an improper input validation in gmp plugin (bsc#1109845).

Other issues addressed: Fixed some client fails when the scep server URL is used with HTTPS protocol (bsc#1071853).

Reject Diffie-Hellman key exchanges using primes smaller than 1024 bit.

Handle unexpected informational message from SonicWall. (bsc#1009254)

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:3266-1.
# The text itself is copyright (C) SUSE.
#

include('compat.inc');

if (description)
{
  script_id(132009);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/04");

  script_cve_id(
    "CVE-2018-10811",
    "CVE-2018-16151",
    "CVE-2018-16152",
    "CVE-2018-17540",
    "CVE-2018-5388"
  );

  script_name(english:"SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"This update for strongswan provides the following fixes :

Security issues fixed :

CVE-2018-5388: Fixed a buffer underflow which may allow to a remote
attacker with local user credentials to resource exhaustion and denial
of service while reading from the socket (bsc#1094462).

CVE-2018-10811: Fixed a denial of service during the IKEv2 key
derivation if the openssl plugin is used in FIPS mode and HMAC-MD5 is
negotiated as PRF (bsc#1093536).

CVE-2018-16151,CVE-2018-16152: Fixed multiple flaws in the gmp plugin
which might lead to authorization bypass (bsc#1107874).

CVE-2018-17540: Fixed an improper input validation in gmp plugin
(bsc#1109845).

Other issues addressed: Fixed some client fails when the scep server
URL is used with HTTPS protocol (bsc#1071853).

Reject Diffie-Hellman key exchanges using primes smaller than 1024
bit.

Handle unexpected informational message from SonicWall. (bsc#1009254)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1009254");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1071853");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1093536");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1094462");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1107874");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1109845");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-10811/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16151/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-16152/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-17540/");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2018-5388/");
  # https://www.suse.com/support/update/announcement/2019/suse-su-20193266-1/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4f972723");
  script_set_attribute(attribute:"solution", value:
"To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE OpenStack Cloud 8:zypper in -t patch
SUSE-OpenStack-Cloud-8-2019-3266=1

SUSE OpenStack Cloud 7:zypper in -t patch
SUSE-OpenStack-Cloud-7-2019-3266=1

SUSE Linux Enterprise Server for SAP 12-SP3:zypper in -t patch
SUSE-SLE-SAP-12-SP3-2019-3266=1

SUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch
SUSE-SLE-SAP-12-SP2-2019-3266=1

SUSE Linux Enterprise Server for SAP 12-SP1:zypper in -t patch
SUSE-SLE-SAP-12-SP1-2019-3266=1

SUSE Linux Enterprise Server 12-SP5:zypper in -t patch
SUSE-SLE-SERVER-12-SP5-2019-3266=1

SUSE Linux Enterprise Server 12-SP4:zypper in -t patch
SUSE-SLE-SERVER-12-SP4-2019-3266=1

SUSE Linux Enterprise Server 12-SP3-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-2019-3266=1

SUSE Linux Enterprise Server 12-SP3-BCL:zypper in -t patch
SUSE-SLE-SERVER-12-SP3-BCL-2019-3266=1

SUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-2019-3266=1

SUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch
SUSE-SLE-SERVER-12-SP2-BCL-2019-3266=1

SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
SUSE-SLE-SERVER-12-SP1-2019-3266=1

SUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch
SUSE-SLE-DESKTOP-12-SP4-2019-3266=1

SUSE Enterprise Storage 5:zypper in -t patch
SUSE-Storage-5-2019-3266=1");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16152");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/05/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:strongswan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:strongswan-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:strongswan-hmac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:strongswan-ipsec");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:strongswan-libs0");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];
if (! preg(pattern:"^(SLED12|SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED12 / SLES12", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp)) sp = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(1|2|3|4|5)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP1/2/3/4/5", os_ver + " SP" + sp);
if (os_ver == "SLED12" && (! preg(pattern:"^(4)$", string:sp))) audit(AUDIT_OS_NOT, "SLED12 SP4", os_ver + " SP" + sp);


flag = 0;
if (rpm_check(release:"SLES12", sp:"1", reference:"strongswan-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"strongswan-debugsource-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"strongswan-hmac-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"strongswan-ipsec-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"strongswan-ipsec-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"strongswan-libs0-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"1", reference:"strongswan-libs0-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"strongswan-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"strongswan-debugsource-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"strongswan-hmac-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"strongswan-ipsec-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"strongswan-ipsec-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"strongswan-libs0-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"4", reference:"strongswan-libs0-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"strongswan-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"strongswan-debugsource-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"strongswan-hmac-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"strongswan-ipsec-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"strongswan-ipsec-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"strongswan-libs0-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"3", reference:"strongswan-libs0-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"strongswan-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"strongswan-debugsource-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"strongswan-hmac-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"strongswan-ipsec-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"strongswan-ipsec-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"strongswan-libs0-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"2", reference:"strongswan-libs0-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"strongswan-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"strongswan-debugsource-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"strongswan-hmac-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"strongswan-ipsec-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"strongswan-ipsec-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"strongswan-libs0-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLES12", sp:"5", reference:"strongswan-libs0-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"strongswan-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"strongswan-debugsource-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"strongswan-ipsec-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"strongswan-ipsec-debuginfo-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"strongswan-libs0-5.1.3-26.13.1")) flag++;
if (rpm_check(release:"SLED12", sp:"4", cpu:"x86_64", reference:"strongswan-libs0-debuginfo-5.1.3-26.13.1")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "strongswan");
}
VendorProductVersionCPE
novellsuse_linuxstrongswanp-cpe:/a:novell:suse_linux:strongswan
novellsuse_linuxstrongswan-debugsourcep-cpe:/a:novell:suse_linux:strongswan-debugsource
novellsuse_linuxstrongswan-hmacp-cpe:/a:novell:suse_linux:strongswan-hmac
novellsuse_linuxstrongswan-ipsecp-cpe:/a:novell:suse_linux:strongswan-ipsec
novellsuse_linuxstrongswan-ipsec-debuginfop-cpe:/a:novell:suse_linux:strongswan-ipsec-debuginfo
novellsuse_linuxstrongswan-libs0p-cpe:/a:novell:suse_linux:strongswan-libs0
novellsuse_linuxstrongswan-libs0-debuginfop-cpe:/a:novell:suse_linux:strongswan-libs0-debuginfo
novellsuse_linux12cpe:/o:novell:suse_linux:12

Related

nessus 35
openvas 24
suse 3
ubuntu 2
gentoo 1
fedora 6
osv 10
debian 5
photon 12
ubuntucve 5
archlinux 2
freebsd 1
prion 5
cve 5
redhatcve 5
ibm 4
debiancve 5
alpinelinux 5
checkpoint_advisories 1
cert 1
nessus
nessus
SUSE SLED15 / SLES15 Security Update : strongswan (SUSE-SU-2019:3056-1)
2019-11-26 00:00:00
openSUSE Security Update : strongswan (openSUSE-2019-2598)
2019-12-03 00:00:00
openSUSE Security Update : strongswan (openSUSE-2019-2594)
2019-12-03 00:00:00
openvas
openvas
openSUSE: Security Advisory for strongswan (openSUSE-SU-2019:2598-1)
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:3266-1)
2021-04-19 00:00:00
openSUSE: Security Advisory for strongswan (openSUSE-SU-2019:2594-1)
2019-12-01 00:00:00
suse
suse
Security update for strongswan (important)
2019-12-01 00:00:00
Security update for strongswan (important)
2019-11-30 00:00:00
Security update for strongswan (moderate)
2020-03-29 00:00:00
ubuntu
ubuntu
strongSwan vulnerabilities
2018-09-25 00:00:00
strongSwan vulnerability
2018-10-01 00:00:00
gentoo
gentoo
strongSwan: Multiple vulnerabilities
2018-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: strongswan-5.7.1-1.fc28
2018-10-15 10:47:19
[SECURITY] Fedora 27 Update: strongswan-5.7.1-1.fc27
2018-10-15 10:37:20
[SECURITY] Fedora 29 Update: strongswan-5.7.1-1.fc29
2018-10-30 17:42:39
osv
osv
CVE-2018-16151
2018-09-26 21:29:01
strongswan - security update
2018-09-26 00:00:00
strongswan - security update
2018-09-24 00:00:00
debian
debian
[SECURITY] [DSA 4305-1] strongswan security update
2018-09-24 13:10:07
[SECURITY] [DSA 4309-1] strongswan security update
2018-10-02 07:36:09
[SECURITY] [DSA 4229-1] strongswan security update
2018-06-16 09:14:19
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0125
2019-01-29 00:00:00
Important Photon OS Security Update - PHSA-2019-0125
2019-01-29 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-1.0-0164
2018-07-20 00:00:00
ubuntucve
ubuntucve
CVE-2018-17540
2018-10-01 00:00:00
CVE-2018-10811
2018-05-28 00:00:00
CVE-2018-16151
2018-09-24 00:00:00
archlinux
archlinux
[ASA-201809-4] strongswan: authentication bypass
2018-09-24 00:00:00
[ASA-201805-26] strongswan: denial of service
2018-05-26 00:00:00
freebsd
freebsd
strongswan -- Fix Denial-of-Service Vulnerability strongSwan (CVE-2018-10811, CVE-2018-5388)
2018-05-16 00:00:00
prion
prion
Authentication flaw
2018-09-26 21:29:00
Buffer overflow
2018-10-03 20:29:00
Design/Logic Flaw
2018-06-19 21:29:00
cve
cve
CVE-2018-10811
2018-06-19 21:29:00
CVE-2018-16151
2018-09-26 21:29:00
CVE-2018-17540
2018-10-03 20:29:00
redhatcve
redhatcve
CVE-2018-16151
2018-10-03 20:19:56
CVE-2018-17540
2019-10-12 01:52:37
CVE-2018-10811
2018-06-05 09:09:13
ibm
ibm
Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter
2019-06-16 15:15:01
Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru
2023-12-07 22:45:02
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
2018-12-05 22:20:01
debiancve
debiancve
CVE-2018-10811
2018-06-19 21:29:00
CVE-2018-16151
2018-09-26 21:29:00
CVE-2018-17540
2018-10-03 20:29:00
alpinelinux
alpinelinux
CVE-2018-10811
2018-06-19 21:29:00
CVE-2018-16151
2018-09-26 21:29:00
CVE-2018-17540
2018-10-03 20:29:00
checkpoint_advisories
checkpoint_advisories
StrongSwan OpenSSL Plugin FIPS Mode Denial-of-Service (CVE-2018-10811)
2019-11-18 00:00:00
cert
cert
strongSwan VPN charon server vulnerable to buffer underflow
2018-05-23 00:00:00

7.7 High

AI Score

Confidence

High

JSON
Related for SUSE_SU-2019-3266-1.NASL
nessus35openvas24suse3ubuntu2gentoo1fedora6osv10debian5photon12ubuntucve5archlinux2freebsd1prion5cve5redhatcve5ibm4debiancve5alpinelinux5checkpoint_advisories1cert1